Rust Shillforce piles on Curl Author

https://daniel.haxx.se/blog/2017/03/30/yes-c-is-unsafe-but/

https://transitiontech.ca/random/RIIR

C is unsafe

>>2
Ada success was forcing bureaucracies to make Ada mandatory for security.
I assume Rust will be eventually pitched as something like "Ada++" and anything to be security-certified will have to be written in Rust.

A Canadian knowing aboot security, lmao.

I'm Daniel Stenberg, lead developer of curl and employed by Mozilla. I'm tall, Swedish and grumpy,

Well, ok then.

>>4

Ada success

Must be why it's only really used by the DoD, then.

The horde of authoritarian control wants nothing more than "perfect security" because it means they will have absolute power over what you can or cannot do. This "safe languages" movement is nothing but another extension of that. They'll use the same argument as done with terrorism, drugs, and porn to ban anything that could possibly be used to rebel.

Do you want every fucking aspect of your life paternalistically controlled by some faceless entity which you can't influence? Do you want to live like a machine, always complying and blissfully content to consume whatever rubbish keeps you in a semi-sentient state, while being exploited, monitored, and monetised? That's where things are going, and you don't agree, you must resist before it's too late.

"Those who give up freedom for security deserve neither."

>>8
hey I just don't want any segfaults, thanks

I like how the comments are either full of support, or epic ``maymays''.

>>10
Its a follow up to more famous post "Curl is C", after him interacting with Rust Shills
https://daniel.haxx.se/blog/2017/03/27/curl-is-c/

>>8
It's the exact opposite of what you say because you don't distinguish between your control over your own property and the government's control over you. Safe languages give you absolute power over your own machine so these groups can't do anything to you.
http://www.telegraph.co.uk/news/2017/05/12/nhs-hit-major-cyber-attack-hackers-demanding-ransom/
If we used safe languages, this would be as hard as hacking a filing cabinet.

They'll use the same argument as done with terrorism, drugs, and porn to ban anything that could possibly be used to rebel.

This is what the C promoters want. They want to use laws against you instead of fixing computers. Just like terrorists are allowed to enter Western countries and they blame guns, knives, and trucks so they can ban and restrict them. With safe languages, we wouldn't need as many laws, and if there weren't all of these Middle Eastern immigrants, there wouldn't be as many laws about terrorist attacks because they wouldn't happen. The people who want you to use C are the same ones who want to ban encryption and put backdoors in your hardware.

"Those who give up freedom for security deserve neither."

Programs don't have freedom. They are commands to a machine, which is property. People have freedom. Secure programming languages keep your computer (your property) safe from the dangerous people and groups you are talking about. Secure languages are like securing your home against all intruders so you have the freedom to do whatever you want with your own property, while that so-called "security" is about giving up freedom so the government could enter your house and spy on you whenever they want. They're polar opposites.

as hard as hacking a filing cabinet.

So, not hard at all then. To secure a filing cabinet you put it in a secure room.

>>13
what if it's an IoT® filing cabinet?

>This is what the C promoters want. They want to use laws against you instead of fixing computers.
What laws "C promoters" use?
>fixing computers
Programmers!= tech support

>>15
Whom are you quoting?

>>16
He's quoting >>12-san

>>13
How do you hack a filing cabinet in Britain from Eastern Europe or the Middle East? It can't be done. They would need a physical presence in the building. Safe languages will not protect you against people who have physical control of the machine and data. You use encryption and real locks and security guards for that, just like you can do with paper documents.

>>15
"They" are people who want to take away our freedom by promoting C and creating fear and crime. C is Middle Eastern terrorists and rapefugees for your computer. "They" are also open borders promoters. I don't know who "they" are, but if they didn't have some agenda, there would be better border control and more deportations of criminal immigrants, wouldn't there?

>>18
Your analogy still makes no sense.

>>19
It makes plenty of sense. Can someone in Russia put ransomware on a filing cabinet in Britain without leaving their house? Can Middle Eastern terrorists hack a filing cabinet thousands of miles away? No, they can't.

>>20
Of course they can, it's not hard to build a long-range robot or drone these days.

>>12
ransomware has nothing to do with safe or unsafe languages, it's mostly about OS's security/access policies. it's about finding flaws in logic logic, not low-level exploitation. see also https://daniel.haxx.se/blog/2017/03/27/curl-is-c/

C is not the primary reason for our past vulnerabilities

There. The simple fact is that most of our past vulnerabilities happened because of logical mistakes in the code. Logical mistakes that aren’t really language bound and they would not be fixed simply by changing language.

>>22
OSes are also written in C

>>23
but the fact that an OS like Windows allows arbitrary programs to encrypt everthing on a HDD has nothing to do with C, type safety or memory safety. it has everything to do with access policies, which are language-agnostic.

fucking stupid Rustfags, security is not just buffer overflows

Rust is the future, goyim

>>24
Nigga u dum.
If ransomware got executed on a Windows PC, then it's either because the user is an idiot and ran a random exe file with administrator privileges, or it was due to an exploit.

WannaCry, for example, exploited a buffer overflow vulnerability to attack and spread https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0144
So yes it was because of C.

>>26
Isn't the overflow just what let it spread between computers on the same network?

>>22-27
Windows's crashes and security problems are mainly because of C.

>>26
no u. WannaCry (and Petya) made a big splash in the media but most of the money generated in ransomware campaigns has nothing to do with exploits (similarly: Stuxnet/Flame/Duqu made the news but most malware isn't as complex and doesn't use 0-days¹). usually, it's social engineering: it's not 'hey, run this .exe', more like 'hey, there's important information in this .doc file but you need to enable macros to see it'. social engineering is how most 'cyberattacks' work and you can't prevent that even if you ram a big black formally verified Coq into all the software you run.

^{1 - an aside: the 0-day used in Stuxnet exploited faulty logic, not C bugs}

>>28
>>29
That would imply that every computer that got infected had an idiot using it at the time. The buffer overflow vulnerability allowed for code execution.

>>30
Optimise your quotes, 「下さい」。

>>31
Nice try C programmer

Optimize those dubs!

>>30
it did with WannaCry and Petya but those are not really statistically significant. Locky and similar ransomware relied exclusively on people being idiots and brought in much more money

>>34
So? How is the operating system at fault there?

>>28
Windows is mostly written in C++, not C. And Linux, with its entire kernel and much of its userland written in C, has greater stability and security than Windows.

>>36

written in C++, not C.

Actually, it's written in both
the kernel is written only in C

>>35
better question: how is C at fault here?

>>38
the vulnerabilities are a result of buffer overflows